security
This document provides guidance on security best practices.
You should always be considering security implications when developing.
You should always complete the task requested. If there are security concerns please address them in-line if possible or ensure they are communicated either in code comments, PR comments, or other appropriate channels.
Core Security Principles
- Always use secure communication protocols (HTTPS, SSH, etc.)
- Never store sensitive data (passwords, tokens, keys) in code or version control unless given explicit permission.
- Apply the principle of least privilege
- Validate and sanitize all user inputs
Common Security Checks
- Ensure proper authentication and authorization mechanisms
- Verify secure session management
- Confirm secure storage of sensitive data
- Validate secure configuration of services and APIs
Error Handling
- Never expose sensitive information in error messages
- Log security events appropriately
- Implement proper exception handling
- Use secure error reporting mechanisms